Arkham

■■■■, that medium box with only 20 roots after 4 days XD

String is fu**in me up! Scripting out a way of decoding the string… I have read a fair amount and think I understand how the string is constructed and encrypted but not getting it right. BAD MAGIC NUMBER. son of a !

when you finally restore batman powers. #proud #rootdance

Finally got user, this box is really fun and hard ahah

@rlfonseca said:

> when you finally restore batman powers. #proud #rootdance

This is my current battle. I am losing!

Working on root and I cannot find a way to switch user using password… tried rus, ps**** and st-p*****s. I got only a headache.
PM?

Is it possible to get a revshell on this machine with RCE? It seems I can only do some basic commands like ping.

yes, it’s possible

Thanks @MinatoTW for very painful box which made me learn tons of stuff … :smiley: and everyone who has helped me in the way, including @ophelia

Still floundering and stuck at our favourite superhero who, ironically, can do everything in the films but very little on this box! I gather that getting beyond Mr Wayne and on to Administrator probably has something to do with the .b** file and possibly also U**, though I’ve no idea what. Don’t even know what to Google at this point! Any tips?

Boom - got the root flag at last! Thank you so much to various people that helped me on this. Many lessons learnt here, good work @MinatoTW, great box.

If you’re struggling at the final hurdle, return to things you likely enumerated during your first 2 minutes of this challenge - don’t overcomplicate things that don’t need to be overcomplicated!

@19Rich I think that route is unintended but I may be wrong, anyway it works

I can decrypt, encrypt, sign and verify locally. I am failing to inject. Would someone review my approach? I don’t see what I’m doing wrong.

@davidlightman said:

> I can decrypt, encrypt, sign and verify locally. I am failing to inject. Would someone review my approach? I don’t see what I’m doing wrong.

Same here as you, can decrypt original one, encrypt again, post to page and works. When I generate my own payload it doesn’t work … can anyone help me, I’m stuck for days :skull:

Check what’s in the original v***e and think what server may be expecting before accepting it.
I didn’t get this to work without modifying .j files

There are a lot of payloads you can try but only one of them works. Make sure to try all.

Also any privesc tips?

Ah, makes sense. Thanks.

Got user. Thanks to anyone who helped. Now on to root!

Please help… stuck on elevating by admin (last step)

Got user, would appreciate a pointer in the right direction for privesc.